wwh1004 20 Posted June 23 (edited) I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header and maybe you shoud also fix .net header This way is more complex than use MegaDumper only and directt dump the assembly. But if the assembly is packed with native stub and protected with anti dump (ConfuserEx and others) or protected with whole #US encryption (DNGuardHVM and others), maybe this way is good to dump assemblies. If you can not understand it, you can reply me. Best wish. Edited June 23 by wwh1004 (see edit history) 2 1 Share this post Link to post
wwh1004 20 Posted June 23 4 hours ago, Keosoft90 said: @wwh1004 : can you add 2 tools to here ? https://github.com/x64dbg/x64dbg/releases https://github.com/wwh1004/ExtremeDumper/releases 3 Share this post Link to post
Black Hat Anonymous 24 Posted June 23 There is a Script of OLLYDBG made by @GIV that also helps to unpack the Anti Dump protected .NET Files and newbie Friendly too. But this method I tested and works well which you described. Very nice Explanation too. Thank you !!! Share this post Link to post
mdj 21 Posted June 25 (edited) @wwh1004 please share video on other server i cannot download from pan.baidu Edited June 25 by mdj (see edit history) Share this post Link to post
kao 1,881 Posted June 25 @mdj: 使用x64dbg暴打非托管强壳.mp4 -> https://mega.nz/#!Y5JBTaCS!hJXzN5ssvUyRHW8VgpGxINEVrW1zJ2Up96vqqJVG5co I can upload the second video tomorrow, if you need that too. @all: Please be nice and don't abuse the link, it is a free Mega account and has traffic limitations. 4 2 Share this post Link to post
mdj 21 Posted June 26 @kao thank you very very much for this if you have time please upload second video Best Regards Share this post Link to post
kao 1,881 Posted June 26 [.NET]实战UnpackMe.mp4 -> https://mega.nz/#!YxwQSAxA!Lwd9XStVyue8fdYKZXmYkoDxE0Y7ftsyNYtBKLTRrGM 4 2 Share this post Link to post
